1. Technical Field
The present disclosure relates to an update management method, an update management system, and a non-transitory recording medium having a computer program stored thereon, for updating data stored in an electronic control unit in an onboard network system.
2. Description of the Related Art
In recent years, a great number of devices called electronic control units (ECUs) have been placed in systems in automobiles. A network connecting these ECUs is referred to as an onboard network. Many standards exist for onboard networks. The most mainstream of these is a standard called Controller Area Network (CAN), which is stipulated in ISO 11898-1. A CAN is configured using two buses, and each ECU connected to the buses is called a node. Each node connected to a bus transmits and receives messages called frames. No identifiers indicating the transmission destination or transmission source exist in CAN; instead, the transmitting node attaches an ID (called a message ID) to each frame and transmits it (i.e., sends out signals to the bus), and the receiving nodes receive only frames of a predetermined message ID (i.e., read signals from the bus). The Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) format is also employed, so when multiple nodes transmit at the same time, arbitration by message ID is performed, with frames having a smaller message ID value being transmitted with higher priority. The onboard network also has a port (hereinafter referred to as “diagnostic port”), called On-Board Diagnostics 2 (OBD2), that is an interface for communicating with an external tool (e.g., an external device such as a malfunction diagnostics tool) and is used for ECU diagnosis. Recently, the diagnostic port can be used not only for diagnosis but also for rewriting firmware of the ECU. Additionally, external tools that can be connected to the diagnostic port are being sold inexpensively, and there is an increase in external tools that general users who are not professionals can use.
Accordingly, there is an increased risk of an unauthorized external tool being connected to the diagnostic port. Unauthorized rewriting of the firmware of an ECU on the onboard network by an unauthorized tool enables the vehicle to be controlled without authorization. There is a method for preventing such unauthorized rewriting of firmware via the diagnostic port, in which an identification code is embedded in a firmware update request message that the external tool transmits, and updating of the firmware is permitted in a case where the identification code matches a registration code (see Japanese Unexamined Patent Application Publication No. 2013-141948). However, the method in Japanese Unexamined Patent Application Publication No. 2013-141948 has a risk that the firmware of all ECUs will be rewritten in a case where the identification code given to the external tool that updates the firmware is leaked.
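The arbitration by message ID and the ID-based reception described in the related-art discussion above can be illustrated with the following added example, which is not part of the original disclosure. It assumes the 11-bit identifier of a base-format CAN frame sent most significant bit first; the function names, the node limit, and the sample IDs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CAN_ID_BITS 11   /* identifier length of a base-format CAN frame */
#define MAX_NODES   32   /* limit chosen for this example only */

/* Constructed sample data: IDs three nodes try to send at the same instant,
 * and the IDs one receiving node is configured to read. */
static const uint16_t SAMPLE_IDS[]    = { 0x244, 0x0F0, 0x5A0 };
static const uint16_t SAMPLE_ACCEPT[] = { 0x0F0, 0x310 };

/* Returns the index of the node that keeps the bus, or -1 when there is no
 * single winner (no nodes, too many nodes, or two nodes using the same ID). */
int can_arbitrate(const uint16_t *ids, size_t n)
{
    uint8_t active[MAX_NODES];
    int winner = -1;
    if (n == 0 || n > MAX_NODES) return -1;
    for (size_t i = 0; i < n; i++) active[i] = 1;
    for (int bit = CAN_ID_BITS - 1; bit >= 0; bit--) {   /* MSB first */
        int bus = 1;   /* recessive unless some node drives dominant (0) */
        for (size_t i = 0; i < n; i++)
            if (active[i] && !((ids[i] >> bit) & 1)) bus = 0;
        /* A node that sent 1 but reads back 0 has lost and stops sending. */
        for (size_t i = 0; i < n; i++)
            if (active[i] && (int)((ids[i] >> bit) & 1) != bus) active[i] = 0;
    }
    for (size_t i = 0; i < n; i++) {
        if (!active[i]) continue;
        if (winner != -1) return -1;   /* duplicate ID: arbitration cannot decide */
        winner = (int)i;
    }
    return winner;
}

/* Receiving side: a node reads a frame only if its ID is on the node's list. */
int can_accepts(const uint16_t *accept, size_t n, uint16_t id)
{
    for (size_t i = 0; i < n; i++)
        if (accept[i] == id) return 1;
    return 0;
}

int main(void)
{
    int w = can_arbitrate(SAMPLE_IDS, 3);
    printf("winner: node %d, ID 0x%03X\n", w, (unsigned)SAMPLE_IDS[w]);
    printf("receiver reads it: %d\n", can_accepts(SAMPLE_ACCEPT, 2, SAMPLE_IDS[w]));
    return 0;
}
```

Neither step looks at which node sent the frame, so a tool attached to the diagnostic port takes part in arbitration and is received like any other node; this is why the update request itself has to carry the authorization check.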